passport-twitter
passport-twitter copied to clipboard
jaredhanson
Get user email
I`ve seen that in order for Twitter to let you access user email, you have to ask them for special permission to do so. I've received the permission, then enabled it under "Additional permissions" on my Twitter app management, but still can't retrieve the email. Is this a problem with this library or is it with Twitter?
Have you solved it?
I´m waiting for approval so i cannot test, but it says in Twitter docs that you´ll have to forget old tokens for the extra permission to appear.
Not solved yet. I just removed the twitter authentication from the site, seeing that it didn't work as it supposed to, waiting to have some time to do more testing.
So you should regenerate the token after the permission was granted? That's all? Tell me if it worked for you after you get the approval please. Thanks!
This exists in PR #61 , hopefully @jaredhanson will have some time to look into it.
You can.. but you have to add a userProfileURL in the authorization strategy..
This is my strategy:
// Twitter OAUTH Strategy
Auth.passport.use(new TwitterStrategy({
consumerKey: config.get("authentication.twitter.consumerKey"),
consumerSecret: config.get("authentication.twitter.consumerSecret"),
userProfileURL: "https://api.twitter.com/1.1/account/verify_credentials.json?include_email=true",
callbackURL: config.get("authentication.twitter.callbackURL")
},
function(token, tokenSecret, profile, done) {
Login.findOrCreateUser(profile,function(err,user) {
done(err,user);
});
}
));
´´´
That URL doesn't work for me. Looking at the source code it seems like
"?user_id=" + user.id
is being appended to the URL which screws up the request if there is already a "?include_email=true" query string. Is there a particular reason why the "account/verify_credentials" API endpoint isn't being used by this request? Because that would eliminate the need for adding the user ID as a query string...
Yeah sorry.
I commented that out of the file a long time ago and didn´t remember .
On Sun, Dec 20, 2015 at 8:58 AM, Taylor Stevens [email protected] wrote:
That URL doesn't work for me. Looking at the source code it seems like
"?user_id=" + user.id
is being appended to the URL which screws up the request if there is already a "?include_email=true" query string. Is there a particular reason why the "account/verify_credentials" API endpoint isn't being used by this request? Because that would eliminate the need for adding the user ID as a query string...
— Reply to this email directly or view it on GitHub https://github.com/jaredhanson/passport-twitter/issues/67#issuecomment-166087998 .
Has this been resolved? I keep getting 500 "Could not authenticate you." error when trying to get the user profile with email, using @nachojimenez's answer above. Also using a whitelisted app, and have followed all of the steps (add TOS and Privacy Policy page links, check "Additional Permissions" box, etc.)
Did you remove the automatic query string addition in the userProfile function? Also did you create new API keys and secrets after gaining permission and checking the box?
+1
Thought #61 addressed this, but upon trying email: true and includeEmail: true in options, I still cannot get email after twitter auth.
I can confirm by adding
userProfileURL: "https://api.twitter.com/1.1/account/verify_credentials.json?include_email=true"
alongside granted email permissions from twitter works.
Wish Twitter would just use scope and profileFields like everyone else, but I can also confirm that changing userProfileURL and having a whitelisted app makes email visible in the JSON that comes back.
@MichaelArnoldOwens no, but you do have to get a new token for each user as it says it "only applies to new logins".
@tambling I'm with ya! so annoying.... however, it does work with userProfileURL, if you've been granted email permissions, which is better than nothing!
IT ALSO works by using includeEmail: true, without the userProfileURL.
here's what I'm using:
consumerKey : configAuth.twitterAuth.consumerKey,
consumerSecret : configAuth.twitterAuth.consumerSecret,
callbackURL : configAuth.twitterAuth.callbackURL,
includeEmail: true
To get whitelisted, use this URL: https://support.twitter.com/forms/platform, select "I need access to special permissions", then enter "Email" into "Permissions Requested"
I requested whitelisting by going to https://support.twitter.com/forms/platform and got this email in reply:
Thanks for reaching out. Details on Twitter's available special permissions are below:
Email Requesting Permission: Developers can now directly enable email requesting permission for all apps created via apps.twitter.com. To proceed simply log into your app at apps.twitter.com and add links to your Terms and Conditions and Privacy Policy under the Settings tab. Then, check the Request email addresses from users box under the Permissions tab. Please visit our Developers Forum for any technical questions regarding this permission.
Email Requesting Permissions for Fabric Apps: Email requesting permission is only available for apps created via apps.twitter.com. To proceed please create a new key there, and then respond to this email with this new app ID. We will then add Fabric permissions to it.
Currently there is no way to combine apps.twitter.com apps with those created via fabric.io. We appreciate your understanding.
App Cards: Please respond to this email to confirm if you are requesting app card access.
xAuth: xAuth is not currently available. For comprehensive documentation on all of the Twitter API’s authentication and authorization paths, please visit this page on our developer site.
Regards, Twitter Platform Operations
can confirm: by adding the email permissions to my app and regenerating the consumer key and secret AND by adding this special url to my strategy like this:
export default new TwitterStrategy({
consumerKey : process.env.AUTH_TWITTER_CONSUMER_KEY,
consumerSecret : process.env.AUTH_TWITTER_CONSUMER_SECRET,
callbackURL : process.env.AUTH_TWITTER_CALLBACK_URL,
userProfileURL : 'https://api.twitter.com/1.1/account/verify_credentials.json?include_email=true',
passReqToCallback : true,
},
(req: Object, accessToken: string, refreshToken: string, profile: Object, done: Function): void => {
...
}
then it just starts working like any other oauth2 passport strategy (i've implemented so far) by giving you a profile.emails[0].value 😉
@davidwieler's answer is great!
Here are updated steps to add email permissions to a Twitter App in 2019:
- Visit https://developer.twitter.com/en/apps
- Click "Details" next your app
- Ensure "Terms of service URL" and "Privacy policy URL" have values (if not, click "Edit" to add and save them)
- Click "Permissions" tab
- Click "Edit"
- Check the "Request email address from users" option
- Hit "Save"
Thanks to @rvetere. Request email address from users option should be checked. and you have to Regenerate the Tokens to get the email value in response.
